Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for software security scanning employing a scan quality index, comprising: a server comprising at least one computer processor receiving an identification of a computer program for security scanning; the server executing a security scan on the computer program and generating a log file comprising results of the security scan, wherein the log file comprises at least one of an error and a warning generated by the security scan; the server executing a scan quality index tool that generates a scan quality index score by analyzing the at least one error and a warning in the log file with a database comprising a configuration file identifying known error types and warning types, where the scan quality tool assigns a weighting to each error or warning based on whether each error or warning is a known error type or a known warning type, and wherein the scan quality index score represents a quality of the security scan; and the server outputting the scan quality index score.
2. The method of claim 1 , further comprising: the server preventing release of the computer program when the scan quality index score is below a predetermined value.
3. The method of claim 1 , wherein the identification of the computer program is received with the computer program is checked in to a production database.
4. The method of claim 1 , wherein the identification further comprises an identification of one or more dependency associated with the computer program.
5. The method of claim 1 , wherein the log file identifies at least a number of errors and a number of warnings generated by the security scan.
6. The method of claim 1 , wherein the scan quality index score is weighted based on a number of executable lines of code in the computer program.
7. The method of claim 1 , further comprising: saving the scan quality index score in a database.
8. A system for software security scanning employing a scan quality index, comprising: a server comprising at least one computer processor executing a security scanning engine and a scan quality index tool; a database comprising a configuration file identifying known error types and warning types; a production database comprising a computer program; wherein: the security scanning engine receives an identification of the computer program for security scanning; the security scanning engine executes a security scan on the computer program and generates a log file comprising results of the security scan, wherein the log file comprises at least one of an error and a warning generated by the security scan; and the scan quality index tool generates a scan quality index score by analyzing the at least one error and a warning in the log file with the configuration file, where the scan quality tool assigns a weighting to each error or warning based on whether each error or warning is a known error type or a known warning type, and wherein the scan quality index score represents a quality of the security scan.
9. The system of claim 8 , wherein the scan quality index tool prevents release of the computer program when the scan quality index score is below a predetermined value.
10. The system of claim 8 , further comprising: a user interface in communication with the server that receives the scan quality index score.
11. The system of claim 8 , wherein the security scanning engine automatically scans the computer program when it is checked in to the production database.
12. The system of claim 8 , wherein the log file identifies at least a number of errors and a number of warnings generated by the security scan.
13. The system of claim 8 , wherein the scan quality index score is weighted based on a number of executable lines of code in the computer program.
Unknown
December 3, 2019
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.